Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2022/04/30 12:0 a.m.13 views

@2dine/framework-ui (>=1.0.4 <=2.1.91), @7h3laughingman/pf2e-helpers (>=7.10.0 <=8.1.0) +73 more potentially affected by CVE-2022-25854 via @yaireo/tagify (>=2.31.6 <=4.37.1)

@yaireo/tagify NPM version =2.31.6, =1.0.4, =7.10.0, =7.10.0, =1.0.18-beta.23, =1.0.0, =1.3.5-beta.744, =2.1.0, =0.0.1, =1.0.0, =1.0.9, =1.0.1, =1.2.42, =1.0.0, =0.8.0, =5.0.3 and more Source cves: CVE-2022-25854 Source advisory: OSV:GHSA-PXPF-V376-7XX5...

5.4CVSS5.9AI score0.00949EPSS
Exploits1
Cvelist
Cvelist
added 2022/04/29 8:0 p.m.27 views

CVE-2022-25854 Cross-site Scripting (XSS)

This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload...

5.4CVSS5.5AI score0.00949EPSS
Exploits1References5
OSV
OSV
added 2022/04/29 8:0 p.m.21 views

CVE-2022-25854 Cross-site Scripting (XSS)

This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload...

5.4CVSS6.2AI score0.00949EPSS
Exploits1References7
CVE
CVE
added 2022/04/29 8:0 p.m.85 views

CVE-2022-25854

The CVE affects @yaireo/tagify before 4.9.8. The root cause is that the placeholder input is not escaped in the Tagify rendering logic (tagify.js), enabling an attacker to inject and trigger XSS via a malicious placeholder value. Impact is XSS in inputs using Tagify; exploitation details are not ...

5.4CVSS5.2AI score0.00949EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder